Cisco Support Community
Community Member

Reasons for creating VLAN


I have researched VLANs and am trying to find out how many VLANs to create on a network with 200 users and about 80 servers. I have created only one user VLAN and one server VLAN.

I can see that for a small network, having one server vlan is appropriate.

Someone also told me that one reason to create a VLAN might be the traffic demand, whether it is high bandwidth. Another reason is for security.

How would I determine the best practice? I suppose I must have a traffic baseline, which I don't at work. How do I go about creating VLANs?

Thank you in advance.



Re: Reasons for creating VLAN

Hello Paula,

One of the most important reasons for implementing VLANs is the broadcast limitation it offers. The larger the VLAN, the more broadcast traffic. What is best practice? Apart from the maximum sizes (broadcast traffic limitations), this is a design issue and different views are possible; there is no Universal Solution. Therefore, I can only tell you how I do it myself.

Currently my approach is to assign VLANs per group of servers. Similar machines are grouped by OS type or other common characteristics (all machines for a certain application).

User VLANs can be assigned per floor or per switch. The difficulty of administration increases as VLANs are added because your network becomes more complex.

General rule: There need not be more user-vlans than server-vlans.

Hope this helps you out a bit.



Community Member

Re: Reasons for creating VLAN

Thanks Leo.


Re: Reasons for creating VLAN

In a perfect networking environment, clients would be zero hops to their assigned resources. In the olden days of networking, it was not unusual to have departmental servers in the closet, with other connections to central / enterprise resources.

As resources started moving (back) into the Glass Palace, users were farther and farther (from a hop perspective) from their assigned resources.

Using VLANs allows a user's / client's resources to be put into a virtual zero-hop domain, with additional connections (through a Layer 3 device) to other centralized resources (like the mail server, Internet gateway, Corporate Web / App server, etc.).

While the VLAN environment doesn't have the latency advantage of a physical zero-hop environment, it does provide tighter control and security from a management perspective. Workgroup traffic can be "localized" to the VLAN (and "local" resources, like a file / print server) and properly directed to central or Enterprise resources.

Using VLANs in conjunction with HSRP (Hot Standby Routing Protocol) also can provide some redundancy and load sharing (VLAN A has a primary gateway of Router A, using Router B as a backup; VLAN B uses Router B as a primary gateway and Router A as a backup) ... if either router or path drops, the clients are automatically shunted to the backup router ... with minimal disruption.

VLANs should not be implemented without a fair amount of planning. Done properly, VLANs can be a Very Good Thing ... done poorly, without planning, off-the-cuff, they can be your worst nightmare (troubleshooting).

Good Luck
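
The HSRP arrangement described in the post above, written out as an added example (not part of the original thread or any poster's configuration). It assumes two Layer 3 switches with SVIs, VLAN 10 standing in for "VLAN A" and VLAN 20 for "VLAN B"; the VLAN IDs, addresses and the key placeholder are constructed for illustration.

```cisco
! ---- Router A: active gateway for VLAN 10, standby for VLAN 20 ----
interface Vlan10
 description VLAN A (assumed ID 10)
 ip address 10.0.10.2 255.255.255.0
 ! Virtual gateway address that clients in VLAN 10 use
 standby 10 ip 10.0.10.1
 ! Higher than the default priority of 100, so A is active here
 standby 10 priority 110
 standby 10 preempt
 ! Authenticate HSRP hellos so an unplanned device on the VLAN
 ! cannot claim the gateway role
 standby 10 authentication md5 key-string <PLACEHOLDER-KEY>
!
interface Vlan20
 description VLAN B (assumed ID 20)
 ip address 10.0.20.2 255.255.255.0
 standby 20 ip 10.0.20.1
 ! Lower than Router B's priority, so A is only the backup here
 standby 20 priority 90
 standby 20 preempt
 standby 20 authentication md5 key-string <PLACEHOLDER-KEY>
!
! ---- Router B: standby for VLAN 10, active gateway for VLAN 20 ----
interface Vlan10
 description VLAN A (assumed ID 10)
 ip address 10.0.10.3 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 90
 standby 10 preempt
 standby 10 authentication md5 key-string <PLACEHOLDER-KEY>
!
interface Vlan20
 description VLAN B (assumed ID 20)
 ip address 10.0.20.3 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 authentication md5 key-string <PLACEHOLDER-KEY>
```

Clients in each VLAN point their default gateway at the virtual address (10.0.10.1 or 10.0.20.1 here), so a failover needs no change on the hosts; `show standby brief` on either device shows which one is currently active per group.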

